Bug 2497554 (CVE-2026-59710) - CVE-2026-59710 showdown: Showdown: Stored Cross-Site Scripting via unescaped table header ID attributes in markdown
Summary: CVE-2026-59710 showdown: Showdown: Stored Cross-Site Scripting via unescaped ...
Keywords:
Status: NEW
Alias: CVE-2026-59710
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Product Security
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2026-07-06 22:03 UTC by OSIDB Bzimport
Modified: 2026-07-08 10:57 UTC (History)
29 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:


Attachments (Terms of Use)

Description OSIDB Bzimport 2026-07-06 22:03:05 UTC
showdown contains a stored cross-site scripting vulnerability in the parseHeaders function of src/subParsers/makehtml/tables.js that fails to properly escape table header ID attributes. Attackers can inject arbitrary HTML and script-executing SVG elements through double-quote characters in markdown table headers, achieving stored XSS when untrusted markdown is rendered with the default github flavor configuration.


Note You need to log in before you can comment on or make changes to this bug.